[gentoo-user] mod_suphp

[gentoo-user] mod_suphp

[Michael Sullivan]

Has anyone out there had any success with www-apache/mod_suphp?  If so,
I could use some help.  I've never been able to make it execute .php
files that aren't in /var/www/localhost/htdocs, and I can't even figure
out why it allows those, unless it's because /var/www/localhost/htdocs
is my DEFAULT_VHOST.  I looked in
the /etc/apache2/vhosts.d/00_default_vhost.conf file and can see no
suphp stuff, nor even any references to any.  My /etc/suphp.conf is
pretty simple:

camille ~ # cat /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/apache2/suphp_log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=true

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=81

; Minimum GID
min_gid=81


[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/lib/php5/bin/php-cgi
x-httpd-php5=php:/usr/lib/php5/bin/php-cgi
x-httpd-php4=php:/usr/lib/php4/bin/php-cgi
x-httpd-phtml=php:/usr/lib/php5/bin/php-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

What am I doing wrong here?   I really need this, or if not this, a good
workaround.  I work for the Director of Music at our local college.
Since February I've been working on a web interface for next years Music
Festivals.  I wrote it in PHP because it's the scripting language that I
know best.  The web interface is finished except for one detail; it
needs to be able to email log reports of actions done by directors
registered with the script.  The problem is that I want the user
'festival@espersunited.com' to mail out the log reports, but I can't
have that with the current setup because the script will execute under
user 'apache' and I don't really want apache in the mail group.  Can
anyone help me out here?

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: mod_suphp

[Michael Sullivan]

On Wed, 2006-09-20 at 22:34 -0500, Michael Sullivan wrote:
> Has anyone out there had any success with www-apache/mod_suphp?  If so,
> I could use some help.  I've never been able to make it execute .php
> files that aren't in /var/www/localhost/htdocs, and I can't even figure
> out why it allows those, unless it's because /var/www/localhost/htdocs
> is my DEFAULT_VHOST.  I looked in
> the /etc/apache2/vhosts.d/00_default_vhost.conf file and can see no
> suphp stuff, nor even any references to any.  My /etc/suphp.conf is
> pretty simple:
> 
> camille ~ # cat /etc/suphp.conf
> [global]
> ;Path to logfile
> logfile=/var/log/apache2/suphp_log
> 
> ;Loglevel
> loglevel=info
> 
> ;User Apache is running as
> webserver_user=apache
> 
> ;Path all scripts have to be in
> docroot=/
> 
> ; Security options
> allow_file_group_writeable=false
> allow_file_others_writeable=false
> allow_directory_group_writeable=false
> allow_directory_others_writeable=false
> 
> ;Check wheter script is within DOCUMENT_ROOT
> check_vhost_docroot=true
> 
> ;Send minor error messages to browser
> errors_to_browser=true
> 
> ;PATH environment variable
> env_path=/bin:/usr/bin
> 
> ;Umask to set, specify in octal notation
> umask=0077
> 
> ; Minimum UID
> min_uid=81
> 
> ; Minimum GID
> min_gid=81
> 
> 
> [handlers]
> ;Handler for php-scripts
> x-httpd-php=php:/usr/lib/php5/bin/php-cgi
> x-httpd-php5=php:/usr/lib/php5/bin/php-cgi
> x-httpd-php4=php:/usr/lib/php4/bin/php-cgi
> x-httpd-phtml=php:/usr/lib/php5/bin/php-cgi
> 
> ;Handler for CGI-scripts
> x-suphp-cgi=execute:!self
> 
> What am I doing wrong here?   I really need this, or if not this, a good
> workaround.  I work for the Director of Music at our local college.
> Since February I've been working on a web interface for next years Music
> Festivals.  I wrote it in PHP because it's the scripting language that I
> know best.  The web interface is finished except for one detail; it
> needs to be able to email log reports of actions done by directors
> registered with the script.  The problem is that I want the user
> 'festival@espersunited.com' to mail out the log reports, but I can't
> have that with the current setup because the script will execute under
> user 'apache' and I don't really want apache in the mail group.  Can
> anyone help me out here?

A little more information.  I have a file named test.php.  It's a simple
print statement.  I have a copy in /var/www/localhost/htdocs/ and
another one in /home/test/public_html/ .  The one
at /var/www/localhost/htdocs/test.php works fine, but when I go to
http://localhost/~test/test.php , I get this:

Internal Server Error
File "/home/test/public_html/test.php" is not in document root of Vhost
"/var/www/localhost/htdocs"


________________________________________________________________________
suPHP 0.6.1

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: mod_suphp

[Mark Kirkwood]

Michael Sullivan wrote:

>>
>> ;Path all scripts have to be in
>> docroot=/
>>
>> ; Security options
>> allow_file_group_writeable=false
>> allow_file_others_writeable=false
>> allow_directory_group_writeable=false
>> allow_directory_others_writeable=false
>>
>> ;Check wheter script is within DOCUMENT_ROOT
>> check_vhost_docroot=true
>>

> A little more information.  I have a file named test.php.  It's a simple
> print statement.  I have a copy in /var/www/localhost/htdocs/ and
> another one in /home/test/public_html/ .  The one
> at /var/www/localhost/htdocs/test.php works fine, but when I go to
> http://localhost/~test/test.php , I get this:
> 
> Internal Server Error
> File "/home/test/public_html/test.php" is not in document root of Vhost
> "/var/www/localhost/htdocs"
> 

I suspect that the directive 'check_vhost_docroot=true' is causing the 
error. I guess you need it set to false for what you want to work.... 
this lessens your security a bit unfortunately. I'm a little rust on Php 
configuration, but there should be some way to specify that *only* 
docroot and your userdir roots can execute php...

Cheers

Mark
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: mod_suphp

[Michael Sullivan]

On Thu, 2006-09-21 at 16:41 +1200, Mark Kirkwood wrote:
> Michael Sullivan wrote:
> 
> >>
> >> ;Path all scripts have to be in
> >> docroot=/
> >>
> >> ; Security options
> >> allow_file_group_writeable=false
> >> allow_file_others_writeable=false
> >> allow_directory_group_writeable=false
> >> allow_directory_others_writeable=false
> >>
> >> ;Check wheter script is within DOCUMENT_ROOT
> >> check_vhost_docroot=true
> >>
> 
> > A little more information.  I have a file named test.php.  It's a simple
> > print statement.  I have a copy in /var/www/localhost/htdocs/ and
> > another one in /home/test/public_html/ .  The one
> > at /var/www/localhost/htdocs/test.php works fine, but when I go to
> > http://localhost/~test/test.php , I get this:
> > 
> > Internal Server Error
> > File "/home/test/public_html/test.php" is not in document root of Vhost
> > "/var/www/localhost/htdocs"
> > 
> 
> I suspect that the directive 'check_vhost_docroot=true' is causing the 
> error. I guess you need it set to false for what you want to work.... 
> this lessens your security a bit unfortunately. I'm a little rust on Php 
> configuration, but there should be some way to specify that *only* 
> docroot and your userdir roots can execute php...
> 
> Cheers
> 
> Mark

I found something at
http://www.gentoo.org/proj/en/php/php4-php5-configuration.xml .  I hope
it works out for me...

-- 
gentoo-user@gentoo.org mailing list